Created attachment 444609 [details] EWS v1 Besides missing ChangeLogs, I know this'll need more work. Need EWS to tell me how much more.

Created attachment 444623 [details] EWS v2

Created attachment 444628 [details] EWS v3

Created attachment 444631 [details] EWS v4

Created attachment 444641 [details] EWS v5

Going to mark for review even while I work on resolving the api-mac failure

Comment on attachment 444641 [details] EWS v5 View in context: https://bugs.webkit.org/attachment.cgi?id=444641&action=review > Source/WebKit/NetworkProcess/Notifications/NetworkNotificationManager.cpp:45 > + auto cfData = m_networkSession.networkProcess().sourceApplicationAuditData(); You can probably do this from sourceApplicationAuditToken to be slightly more efficient. > Source/WebKit/Shared/Cocoa/CodeSigning.mm:78 > + auto pair = codeSigningIdentifierAndPlatformBinaryStatus(token); This doesn't need to call SecTaskGetCodeSignStatus. > Source/WebKit/webpushd/PushClientConnection.mm:42 > +void ClientConnection::setAuditTokenData(const Vector<uint8_t>& tokenData) This is a little strange. Isn't xpc_connection_get_audit_token enough? > Source/WebKit/webpushd/PushClientConnection.mm:72 > + m_hostHasPushEntitlement = WTF::hasEntitlement(*m_hostAppAuditToken, "com.apple.private.webkit.webpush"); This is typically done at the time a connection is being received, then terminating the connection if it doesn't have an entitlement. That way you avoid bugs where you forgot to check the entitlement. If you have a connection, then it is entitled. > Source/WebKit/webpushd/WebPushDaemon.h:56 > + void echoTwice(ClientConnection*, const String&, CompletionHandler<void(const String&)>&& replySender); We can probably remove this at some point. > Source/WebKit/webpushd/WebPushDaemon.h:77 > + HashMap<xpc_connection_t, std::unique_ptr<ClientConnection>> m_connectionMap; It's a little strange that the connection is both in the key and the value.

(In reply to Alex Christensen from comment #7) > Comment on attachment 444641 [details] > EWS v5 > > View in context: > https://bugs.webkit.org/attachment.cgi?id=444641&action=review > > > Source/WebKit/NetworkProcess/Notifications/NetworkNotificationManager.cpp:45 > > + auto cfData = m_networkSession.networkProcess().sourceApplicationAuditData(); > > You can probably do this from sourceApplicationAuditToken to be slightly > more efficient. Yes. > > > Source/WebKit/Shared/Cocoa/CodeSigning.mm:78 > > + auto pair = codeSigningIdentifierAndPlatformBinaryStatus(token); > > This doesn't need to call SecTaskGetCodeSignStatus. I was trying to reuse the existing abstractions, but will open it up a bit more. > > > Source/WebKit/webpushd/PushClientConnection.mm:42 > > +void ClientConnection::setAuditTokenData(const Vector<uint8_t>& tokenData) > > This is a little strange. Isn't xpc_connection_get_audit_token enough? xpc_connection_get_audit_token gets the audit token of the remote process. For example, in webpushd, it gets the audit token of com.apple.WebKit.Networking We need the remote-remote audit token. E.g. if com.apple.WebKit.Networking is running on behalf of Safari, we need Safari's audit token. This would've been made much clearer if I named these methods more precisely. > > > Source/WebKit/webpushd/PushClientConnection.mm:72 > > + m_hostHasPushEntitlement = WTF::hasEntitlement(*m_hostAppAuditToken, "com.apple.private.webkit.webpush"); > > This is typically done at the time a connection is being received, then > terminating the connection if it doesn't have an entitlement. That way you > avoid bugs where you forgot to check the entitlement. If you have a > connection, then it is entitled. Once again, see above: This isn't the remote connection... this is the host app *of* the remote connection. So it cannot be done at connection time. > > > Source/WebKit/webpushd/WebPushDaemon.h:56 > > + void echoTwice(ClientConnection*, const String&, CompletionHandler<void(const String&)>&& replySender); > > We can probably remove this at some point. Sure. Will do separately. > > > Source/WebKit/webpushd/WebPushDaemon.h:77 > > + HashMap<xpc_connection_t, std::unique_ptr<ClientConnection>> m_connectionMap; > > It's a little strange that the connection is both in the key and the value. I have no alternative suggestions though.

Created attachment 444760 [details] Updated for review feedback, still building locally to explore Mac API test failure

In DaemonConnectionSet I made the map a map from the connection to a collection of metadata that doesn't contain another reference to the connection. That's my alternative suggestion

(In reply to Alex Christensen from comment #10) > In DaemonConnectionSet I made the map a map from the connection to a > collection of metadata that doesn't contain another reference to the > connection. That's my alternative suggestion I'm not clear on how that's better - It's still a map of xpc_connection_t to information about those connections. For future reference: ClientConnection WILL have more data and behaviors than just what this patch introduces, very soon. It will be supremely useful for things like "This xpc connection dropped - Find it's resulting WebPushD::ClientConnection object and have it clean up outstanding activities"

I figured out the Mac API test issue, but need to finish a full Mac build to resolve. Will do soon. This patch still reviewable.

Comment on attachment 444760 [details] Updated for review feedback, still building locally to explore Mac API test failure View in context: https://bugs.webkit.org/attachment.cgi?id=444760&action=review > Source/WebKit/NetworkProcess/Notifications/NetworkNotificationManager.cpp:39 > NetworkNotificationManager::NetworkNotificationManager(NetworkSession& networkSession, const String& webPushMachServiceName) nit: mach service names can be a CString because they are always ASCII. > Source/WebKit/NetworkProcess/Notifications/NetworkNotificationManager.cpp:53 > + sendMessage<WebPushD::MessageType::SetHostAppAuditToken>(auditTokenData); Sending the first message will start the daemon if it hasn't been started, so we probably want to lazily send this to prevent unnecessary daemon starting. > Source/WebKit/webpushd/PushClientConnection.h:44 > + String hostAppCodeSigningIdentifier(); nit: can this return a const String& ?

Created attachment 444780 [details] More for EWS while I explore Mac API thingy

Can't reproduce the mac-api test failure locally. My suspicion is internal vs non-internal SDK. (related to entitlements or audit tokens somehow) Building on a public SDK now.

Created attachment 444787 [details] PFL v1 The Mac-api-test failure was because the source application audit token wasn't making its way through. This was because USE_SOURCE_APPLICATION_AUDIT_DATA was true for Mac only in the internal SDK... but it seems to work great in the public SDK as well. Enabling that and giving it a test run.

(In reply to Brady Eidson from comment #16) > Created attachment 444787 [details] > PFL v1 > > The Mac-api-test failure was because the source application audit token > wasn't making its way through. > This was because USE_SOURCE_APPLICATION_AUDIT_DATA was true for Mac only in > the internal SDK... but it seems to work great in the public SDK as well. > > Enabling that and giving it a test run. And it's obvious that we're not ready for all the related fallout from that. Doing something more limited.

Created attachment 444838 [details] PFL v2

Created attachment 444844 [details] PFL v3

Committed r286075 (244462@main): <https://commits.webkit.org/244462@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 444844 [details].

<rdar://problem/85618026>